De-encrypting Crypto: (Plain old) Jamtara or White Hat?

Here’s a quiz: if your bank account gets swindled by Jamtara folks, what are the chances you will negotiate with them? Try again: will it make any difference if the amount involved is $613 million (INR 4500 Crores)? And what are the chances that your bank will offer a job to Jamtara folks?

Yet negotiation (and an eventual job offer) is exactly what the crypto platform Poly Network fell back upon in a recent hack. In one of the biggest heists in the crypto-assets and DeFi (i.e. decentralized finance) industry, the attacker reportedly managed to exploit a vulnerability to steal $613 million worth of cryptocurrencies. Whilst this might spook the faint-hearted, this piece argues that regardless of crypto-assets’ status as an unregulated asset class, their architecture has sufficient in-built guardrails for an optimistic future.

At first blush, the hack (and consequent heist) may appear to exacerbate the fault lines and security risks associated with cryptocurrencies. This arguably bolsters the belief that they are risky and unreliable instruments or assets. Such beliefs stand in stark contrast with financial crimes or scams involving fiat currencies, which have little impact on the trust reposed in fiat currencies. Curiously, such underlying trust persists in spite of scandals and attacks from cyber-swindlers to the notorious Jamtara phishing hubs.

Pace Jamtara heists, the return of most of the cryptocurrencies pilfered during the Poly Network attack, and the hacker’s claim that exposing the vulnerabilities afflicting the platform was the overarching purpose, illustrate that the architecture of cryptocurrencies itself has sufficient guardrails. These in-built safety valves perhaps serve to respond to such attacks in a consensus-driven manner in order to ensure the robustness of the system as a whole. The role of trust assumes significance in such a context.

Since it is trust in the technology underlying cryptocurrencies that imparts to them community acceptance (and value), the community has an incentive to work towards both exposing and resolving such security issues. This was evident in the negotiations that played out between Poly Network and Mr. White Hat, the hacker behind the Poly Network attacks.

Interestingly, while ethical ‘White Hat’ scammers are unheard of in the context of fiat currency frauds, the history of cryptocurrencies has multiple instances of ethical hackers working to expose and resolve security risks as well as restore stolen assets. Does the architecture of cryptocurrencies help?

The inherent transparency of blockchain and the breadcrumbs of evidence left on the blockchain (which are traceable through forensics) help. Further, there are significant transaction costs involved in attempting to cash out such large amounts of stolen cryptocurrencies, significantly dampening the prospects of a successful attack of such quantum.

While cryptocurrencies are ‘unregulated’ assets, the community and the platforms come together to expose vulnerabilities and counter such attacks by blacklisting or freezing tokens (as was done by Tether in the Poly Network case). This implies that crypto-assets may lack a regulatory or policy safety net, but the community itself has unique incentives to perform such ‘regulatory’ functions by coming together in a crisis. This ensures that there are sufficient guardrails in place for an optimistic future.

Curiously, similar community incentives are absent in cases involving traditional financial crime. While DLT-based scams or attacks target blockchains or platforms such as exchanges or DeFi networks (such as Poly Network and Mt. Gox), financial crimes involving fiat currencies generally affect customers directly. Therefore, the community-driven incentives to expose their vulnerabilities and to resolve them are lacking.

Paradoxically, the lack of such incentives in the context of fiat currencies could be due to a ‘moral hazard’ problem. Given that the law (e.g. the Deposit Insurance and Credit Guarantee Corporation Act 1961) and the central bank (the Reserve Bank of India) either explicitly or implicitly guarantee against a run-on-the-bank, customers have an incentive to engage in ex post opportunism. This means that, in a traditional banking context, customers could afford to lower their guard against Jamtara folks.

Given the absence of such an explicit or implicit guarantee, crypto folks, au contraire, do not face a ‘moral hazard’ issue. As such, incentives for innovation within the crypto-community in order to make crypto-assets safer and more robust are tremendous and unparalleled.

As indicated by Deputy Governor Shankar a few weeks ago, as we debate an Indian iteration of Central Bank Digital Currency (CBDC), there is a need to revisit the government’s flip-flopping stance regarding cryptocurrencies, possibly by utilizing regulatory sandboxes, which will facilitate a proactive, inclusive and responsive regulation, by allowing for testing of such innovations in a controlled regulatory environment.

Granted, cryptocurrencies, like other cyber-innovations, are fraught with vulnerabilities. Even so, such risks must also be weighed against the weaknesses of the existing financial system as well as those associated with other asset classes such as gold, securities and cash. There is much to learn from the architecture of cryptocurrencies and the decentralized, collaborative, consensus-driven approach exhibited by the crypto-community, which offers unique solutions to problems that are not hindered by the constraints that accompany centralization.

It is primarily the fear of the unknown that deters the regulators from considering the prospects of cryptocurrencies and their underlying technology. Whilst the Reserve Bank of India debates CBDCs, perhaps it needs to consider learnings from the Poly Network heist and not throw the baby out with the bathwater! Alternatively, does it want customers to begin negotiating with (and offering a job to) Jamtara folks the next time they strike?

† Rahul Singh is Associate Professor of Law, National Law School of India University, Bangalore and Tatheer Fatima is Assistant Professor of Law, Mahindra University School of Law, Hyderabad.

